Chapter 1: Introduction to IT/business alignment,
planning, execution and governance
Overview
Today’s business challenges and drivers:
Our world is in a time of remarkable and sometimes overwhelming change. The pace of
change is accelerating on a global basis. Reducing costs, increasing speed and
continuous improvement are some of the pressures facing business and IT executives.
The scope and definition of enterprise governance and its relationship to business and IT
governance
The discipline of enterprise governance starts at the top. The critical questions are: how is
the board of directors structured? Does it operate in a way that ensures it safeguards the
resources of the firm and the interests of corporate stakeholders? Effective governance
requires the board to focus on general oversight and stewardship and refrain from day-to-
day operations, so the board has a relatively objective perspective. Enterprise governance is
the set of responsibilities and practices with the goal of providing strategic direction,
ensuring that plans and objectives are achieved, assessing the management of risks and
assuring responsible resource usage. In an increasingly information technology-dependent
world no board can afford to ignore, delegate or avoid IT related decisions due to their large
impact. Competitive, financial and reputational risk is increased if boards fail to recognize
their role in governing technology as an asset and removing barriers to improve the
information governance.
Enterprise governance includes the leadership and governance oversight of enterprise
architecture to align business strategy, structures, systems, policies, processes and relational
mechanisms. This enables stakeholders to cost effectively engage to create value from the
use of data and information, services and technologies. Enterprise governance deals with the
separate ownership and control of an organization, while business governance focuses on the direction, control
and execution of the business plan and strategies by the CEO and his team. IT governance
focuses on the direction, control and execution of IT plans and strategies.
The board’s role in IT governance
With the growing importance of IT in an increasing number of organizations, the board is
forming a committee that focuses on IT strategy, investments and IT governance as part of
enterprise governance. IT governance is an integral part of enterprise governance and
consists of the leadership and organizational structures and processes that ensure that the
organization’s IT function sustains and extends the organization’s strategies and objectives.
Major challenges and issues faced by IT
At the end of the day, it comes down to a need for a plan and action program that can be
executed. At the same time, the role of the CIO is undergoing significant change. Successful CIOs
recognize that IT has become far more than a means of increasing efficiency and reducing
costs. Rather, they see IT as a prime stimulus for, and enabler of, business innovation and
change, and themselves as key collaborators in a process that develops business and IT
strategies in concert.
Definition, purpose and scope of IT governance
Definition of IT governance: it clarifies oversight, accountability and decision rights for a
wide array of IT strategy, integration, resource and control activities. It is a collection of
management planning and performance review policies, practices etc.
Purpose of IT governance: the purpose is first of all to align IT investment and priorities
more closely with the business strategy and risk appetite; furthermore, it is to manage,
evaluate, prioritize, fund, measure and monitor the requests for IT services; in addition, it is
to establish and clarify accountability and decision rights and to guarantee the responsible
utilization of resources and assets.
Scope of IT governance: the following topics should be addressed: (i) IT principles – high-level
statements about how IT is used in the business; (ii) IT architecture – organizing logic to
achieve desired business and technical integration, standardization and cost optimization;
(iii) Service-oriented architecture – supports the integration of the business as linked,
repeatable business tasks or services; (iv) IT infrastructure – centrally coordinated, based on
shared services that provide the foundation of the enterprise’s IT capability and support; (v)
business application needs; (vi) IT investment and prioritization.
Successful IT governance is built on three critical pillars:
(1) Leadership, organization and decision rights: this defines the organization structure,
roles and responsibilities, which are well defined with respect to each of the IT
governance components and processes; clear hand-off and interface agreements and
contracts exist for internal work and deliverables; and motivated leaders and change
champions with the right talents, drive and competencies are in place. The CIO is a change agent
who links process to technology within the business and provides the tools for
enablement.
(2) Flexible and scalable processes: the processes should be well defined, documented
and measured; in addition, the interface between organizations should be defined;
and finally, they should be flexible, scalable and consistently applied with common
sense.
(3) Enabling technology: processes need to be supported by software tools that support
the IT imperatives and components. These tools provide governance,
communications and effectiveness metrics to accelerate decisions, follow-up and
manage actions.
If any of the above pillars is missing or ineffective, the IT governance will not be effective or
sustainable. In addition, over-dependence on one dimension over the others will result in
sub-optimal performance. This can lead to business losses and disruptions, damaged
reputations and weakened competitive positions. The simple fact is that a poorly executed IT
operation will result in the business not working. Furthermore, business and IT continuity
and resumption plans have become critical.
Implications of SOX and other regulations on IT governance
Compliance with a growing number of regulations and laws is creating new and greater IT
reporting and systems requirements for organizations. Much like IT governance, in order to
achieve sustainable compliance this complex and confusing mix can be approached most
effectively as a single comprehensive compliance program that addresses people, process
and technology. Regulatory, audit and management requirements generally determine the
level of management and administrative controls a company deploys.
Linking the CEO role to achieving business growth, improving
profitability and creating an effective governance and compliance
environment
The role of the CEO and executive management is complex and requires a balance between
sustaining growth and profitability while optimizing organizational effectiveness, managing
proactive change and complying with the growing and confusing number of regulatory
requirements. It requires effective corporate and IT governance to play a growing role in
how the CEO and executive team deploy the strategy and measure their performance. It is
also their role to ensure that the strategy, systems, staff, performance and standards
are also extended to the company’s IT. There are few, if any, standards or guidelines developed
that identify and clearly lay out in more detail what level of governance is required for either
management or IT effectiveness; this depends on factors such as investment capital, degree
of dependence on technology, and complexity and size.
Overview of the integrated IT governance framework, major
components and prerequisites
The blended and integrated governance framework consists of five critical IT governance
imperatives and addresses the following work areas:
1. Business strategy, plan and objective – development of the business strategy and
plan which should drive the IT strategy and plan
2. IT strategy, plan and objectives – based on the business plan and objectives and will
provide the direction and priorities of the IT functions and resources
3. IT plan execution – The processes of program and project management, IT service
management, risk and threat management, change management, security
contingency plans, outsourcing, data management etc.
4. Performance management, risk management and management controls –
5. Vendor- and outsourcing management – selecting and managing the vendors and
their deliverables
6. People development, continuous process improvement and learnings – investing in
people and knowledge management, and sustaining continuous process improvement and
innovation initiatives.
A good place to start in the IT governance initiatives is to decompose them into manageable and
assignable work packages, as in a work breakdown structure, and to assign these work
packages (such as manage planning, manage execution, manage performance and manage
value creation) to champions and owners responsible for them. Furthermore, the decision
rights are an important component of effective IT governance. The purpose of a decision
rights matrix is to identify the IT decision influencers and decision makers in an organization
to clarify the decision roles and authority levels for the major IT areas. It eliminates
confusion, identifies accountability and clearly defines decision roles and scope.
Many top performing companies have established multi-level and -disciplinary business/IT
steering and governance boards and working committees with clear roles. This is important
because it helps to ensure alignment and provides a forum for investment decision making.
They should focus on reviewing and approving strategic plans and major projects and
establishing priorities between competing requests. Furthermore, they should establish and
support processes and conduct formal reviews of major initiatives. These boards are
responsible for the review and approval of overall IT plans and investments and for conducting
reviews.
Typically, requests for IT services should be identified and accommodated in the strategic
and tactical plans and budgeted. Demand generally comes in several flavors: (a) mandatory
and (b) discretionary. Both types of request should be approved by the business/IT leadership in the
IT strategic and operating plans or in accordance with an organization’s decision rights and
approval authority guidelines established for IT.
Balanced scorecard in business/IT governance performance management: a performance
management plan must be developed for IT. It should be a collaborative effort between the
business and IT and be based on a number of objectives which support an organization’s
business vision, mission, plans, objectives and financials. It is important to measure the
performance of IT in terms that can be understood by the business; it is equally important to
have two types of reporting systems based on critical success factors and key performance
indicators. The execution of these plans and objectives must be monitored and measured by
a combination of balanced scorecard KPIs as well as formal and informal status review
meetings and reports. The outcomes should link critical success factors to KPIs that are
measurable and linked to a governance component.
Steps in making IT governance real
A first step is to assess the current maturity levels of key IT governance components. As an
organization develops its IT governance strategy, it is useful to assess the level of maturity of
the organization. The CMMI model consists of five levels and can be used to analyze the
current state of the major IT components. These levels are:
1. Initial level – IT governance processes are characterized as ad hoc and sometimes
even chaotic. Few processes are defined, and success depends on individual effort.
2. Repeatable level – Basic processes are established. The necessary discipline is
evolving to repeat earlier success.
3. Defined level – The IT governance processes are documented, standardized and
integrated into management policies and procedures. All processes are implemented
using an approved version as part of the IT governance policy and framework.
4. Managed level – Define, collect and make decisions based on each IT governance
component’s measurements. IT governance processes and metrics are quantitatively
understood, reported and controlled on an enterprise level.
5. Optimizing level – Continuous process improvement is enabled by quantitative
feedback from processes, innovative ideas and the adoption of best practices and
standards.
In order to develop and/or improve the IT governance process, an organization must assess
its current and future governance state and develop a transition roadmap for its IT
transformations.
Summary and key take aways
IT governance is broad and complex with many parts; it represents a journey, not a
one-time event. It should be pursued both top-down and bottom-up. Creating and sustaining a